Threat of the month: Java exploits

Remote code execution vulnerabilities affect Java prior to version 7 Update 25. They allow a complete sandbox bypass via browsers and let attackers gain access to the affected system.

How does it work?

Issues fixed in the update include memory corruption as well as arbitrary method invocation vulnerabilities. Some of these issues can be leveraged by convincing a user to visit a web page that contains malicious Java content.

Should I be worried?

Yes. Exploits for some of the vulnerabilities are now beginning to surface in frameworks like Metasploit, which equips attackers with fully working exploits. Users should exercise caution when visiting untrusted websites if their systems are not fully patched.

How can I prevent it?

Oracle has issued version 7 Update 25, which fixes the vulnerabilities, and any system using an older version should update. Additionally, Java now has the default security level of “High,” which makes it harder for attackers to run untrusted applets on a victim's system.
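
To find systems still running an older version, the following added example (not from the original article) checks collected `java -version` output against 7 Update 25. The host names and inventory lines are constructed, and the parser assumes the legacy `1.<major>.0_<update>` version string; anything it cannot parse is flagged for review rather than skipped.

```python
import re

# Fixed release named in the article: Java 7 Update 25 (legacy string "1.7.0_25").
FIXED = (7, 25)

# Legacy version strings: 1.7.0_21, 1.7.0_25-b15, or 1.7.0 (no update number).
_VERSION_RE = re.compile(r'\b1\.(\d+)\.0(?:_(\d+))?')


def parse_java_version(text):
    """Return (major, update) from `java -version` output, or None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # A missing "_NN" suffix means the initial release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def needs_update(text):
    """True if the reported version is older than 7 Update 25.

    Unparseable output also returns True so unknown hosts get looked at.
    """
    version = parse_java_version(text)
    return version is None or version < FIXED


def hosts_to_review(inventory):
    """Return the sorted host names whose Java is below the fixed release."""
    return sorted(h for h, out in inventory.items() if needs_update(out))


# Constructed sample inventory: host name -> first line of `java -version`.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_21"',
    "ws-02": 'java version "1.7.0_25"',
    "ws-03": 'java version "1.6.0_45"',
    "ws-04": 'java version "1.7.0"',
    "ws-05": "(no output captured)",
}

if __name__ == "__main__":
    for host in hosts_to_review(SAMPLE_INVENTORY):
        print(f"{host}: update to 7 Update 25 or later")
```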
